56 #define CONNECTION_EDGE_PRIVATE
81 #include "feature/client/circpathbias.h"
111 #include "core/or/or_circuit_st.h"
117 #ifdef HAVE_LINUX_TYPES_H
118 #include <linux/types.h>
120 #ifdef HAVE_LINUX_NETFILTER_IPV4_H
121 #include <linux/netfilter_ipv4.h>
122 #define TRANS_NETFILTER
123 #define TRANS_NETFILTER_IPV4
126 #ifdef HAVE_LINUX_IF_H
127 #include <linux/if.h>
130 #ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
131 #include <linux/netfilter_ipv6/ip6_tables.h>
132 #if defined(IP6T_SO_ORIGINAL_DST)
133 #define TRANS_NETFILTER
134 #define TRANS_NETFILTER_IPV6
141 #ifdef HAVE_SYS_IOCTL_H
142 #include <sys/ioctl.h>
144 #ifdef HAVE_SYS_PARAM_H
145 #include <sys/param.h>
148 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
150 #include <net/pfvar.h>
154 #ifdef IP_TRANSPARENT
158 #define SOCKS4_GRANTED 90
159 #define SOCKS4_REJECT 91
178 c->
magic == ENTRY_CONNECTION_MAGIC);
250 int line,
const char *file))
265 "stream (marked at %s:%d) sending two socks replies?",
272 RESOLVED_TYPE_ERROR_TRANSIENT,
288 if (connection_get_inbuf_len(
TO_CONN(conn)) &&
293 log_info(
LD_EDGE,
"conn (fd "TOR_SOCKET_T_FORMAT
") reached eof. Closing.",
304 connection_mark_for_close(
TO_CONN(conn));
324 switch (conn->base_.
state) {
343 if (! conn->base_.
linked) {
351 connection_mark_for_close(
TO_CONN(conn));
358 "data from edge while in '%s' state. Sending it anyway. "
359 "package_partial=%d, buflen=%ld",
362 (
long)connection_get_inbuf_len(
TO_CONN(conn)));
365 connection_mark_for_close(
TO_CONN(conn));
379 "data from edge while in '%s' state. Leaving it on buffer.",
383 log_warn(
LD_BUG,
"Got unexpected state %d. Closing.",conn->base_.
state);
386 connection_mark_for_close(
TO_CONN(conn));
397 log_info(
LD_EDGE,
"CircID %u: At an edge. Marking connection for close.",
401 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_DESTROY);
404 END_STREAM_REASON_DESTROY);
411 connection_mark_and_flush(
TO_CONN(conn));
432 reason = END_STREAM_REASON_MISC;
435 payload[0] = (char) reason;
441 return relay_send_command_from_edge(stream_id, circ, RELAY_COMMAND_END,
442 payload, 1, cpath_layer);
456 (reason == END_STREAM_REASON_CONNECTREFUSED ||
457 reason == END_STREAM_REASON_TIMEOUT)) {
458 #define WARN_FAILED_HS_CONNECTION 300
459 static ratelim_t warn_limit = RATELIM_INIT(WARN_FAILED_HS_CONNECTION);
462 log_warn(
LD_EDGE,
"Onion service connection to %s failed (%s)",
496 size_t payload_len=1;
498 uint8_t control_reason = reason;
501 log_warn(
LD_BUG,
"(Harmless.) Calling connection_edge_end (reason %d) "
502 "on an already ended stream?", reason);
509 "called on conn that's already marked for close at %s:%d.",
519 reason = END_STREAM_REASON_MISC;
522 payload[0] = (char)reason;
523 if (reason == END_STREAM_REASON_EXITPOLICY &&
534 payload_len += 4+addrlen;
538 log_debug(
LD_EDGE,
"Sending end on conn (fd "TOR_SOCKET_T_FORMAT
").",
547 payload, payload_len);
550 warn_if_hs_unreachable(conn, control_reason);
552 log_debug(
LD_EDGE,
"No circ to send end on conn "
553 "(fd "TOR_SOCKET_T_FORMAT
").",
603 log_warn(
LD_BUG,
"Duplicate stream close for stream %d on circuit %d",
763 int found, remove_idx;
774 half = smartlist_get(half_conns, remove_idx);
776 half_edge_free(half);
813 switch (conn->base_.
state) {
815 if (! conn->base_.
linked) {
842 switch (conn->base_.
state) {
857 log_warn(
LD_BUG,
"Called in unexpected state %d.",conn->base_.
state);
867 #define MAX_CONNECTED_CELL_PAYLOAD_LEN 25
881 int connected_payload_len;
886 if (family == AF_INET) {
888 connected_payload_len = 4;
889 }
else if (family == AF_INET6) {
893 connected_payload_len = 21;
899 connected_payload_len += 4;
903 return connected_payload_len;
917 const char dst_ipv6[] =
"::1";
919 const char src_ipv6_prefix[] =
"fc00:dead:beef:4dad:";
920 uint16_t dst_port = 0;
921 uint16_t src_port = 1;
927 src_port = gid & 0x0000ffff;
931 if (edge_conn->hs_ident) {
938 gid >> 16, gid & 0x0000ffff,
939 dst_ipv6, src_port, dst_port);
941 connection_buf_add(buf, strlen(buf),
TO_CONN(edge_conn));
959 log_info(LD_EXIT,
"%s established.",
967 if (connection_get_outbuf_len(conn))
973 RELAY_COMMAND_CONNECTED, NULL, 0) < 0)
977 int connected_payload_len =
980 if (connected_payload_len < 0)
984 RELAY_COMMAND_CONNECTED,
985 (
char*)connected_payload, connected_payload_len) < 0)
1001 static int untried_pending_connections = 0;
1015 log_warn(
LD_BUG,
"(Harmless.) Edge connection (marked at %s:%d) "
1016 "hasn't sent end yet?",
1036 log_warn(
LD_BUG,
"Closing stream (marked at %s:%d) without sending"
1037 " back a socks reply.",
1041 log_warn(
LD_BUG,
"Closing stream (marked at %s:%d) without having"
1046 log_warn(
LD_BUG,
"Closing stream (marked at %s:%d) without having"
1047 " replied to DNS request.",
1060 connection_ap_warn_and_unmark_if_pending_circ(entry_conn,
1122 time_t now = time(NULL);
1126 int seconds_idle, seconds_since_born;
1130 if (base_conn->type !=
CONN_TYPE_AP || base_conn->marked_for_close)
1137 seconds_idle = (int)( now - base_conn->timestamp_last_read_allowed );
1138 seconds_since_born = (int)( now - base_conn->timestamp_created );
1150 "Tried for %d seconds to get a connection to %s:%d. "
1156 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1165 if (seconds_idle < cutoff)
1169 log_info(
LD_APP,
"Conn is waiting (address %s), but lost its circ.",
1171 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1177 "Rend stream is %d seconds late. Giving up on address"
1186 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1197 log_warn(
LD_BUG,
"circuit->purpose == CIRCUIT_PURPOSE_C_GENERAL failed. "
1198 "The purpose on the circuit was %s; it was in state %s, "
1207 "We tried for %d seconds to connect to '%s' using exit %s."
1208 " Retrying on a new circuit.",
1229 END_STREAM_REASON_TIMEOUT)<0) {
1230 if (!base_conn->marked_for_close)
1231 connection_mark_unattached_ap(entry_conn,
1234 } SMARTLIST_FOREACH_END(base_conn);
1251 if (conn->marked_for_close ||
1259 log_warn(
LD_BUG,
"Found a connection %p that was supposed to be "
1260 "in pending_entry_connections, but wasn't. No worries; "
1263 untried_pending_connections = 1;
1264 connection_ap_mark_as_pending_circuit(entry_conn);
1267 } SMARTLIST_FOREACH_END(conn);
1272 #ifdef DEBUGGING_17659
1273 #define UNMARK() do { \
1274 entry_conn->marked_pending_circ_line = 0; \
1275 entry_conn->marked_pending_circ_file = 0; \
1278 #define UNMARK() do { } while (0)
1295 if (untried_pending_connections == 0 && !retry)
1312 if (conn->
magic != ENTRY_CONNECTION_MAGIC) {
1313 log_warn(
LD_BUG,
"%p has impossible magic value %u.",
1314 entry_conn, (
unsigned)conn->
magic);
1319 log_warn(
LD_BUG,
"%p is no longer in circuit_wait. Its current state "
1320 "is %s. Why is it on pending_entry_connections?",
1330 connection_mark_unattached_ap(entry_conn,
1349 } SMARTLIST_FOREACH_END(entry_conn);
1351 smartlist_free(pending);
1352 untried_pending_connections = 0;
1372 const char *fname,
int lineno)
1385 attach_pending_entry_connections_cb, NULL);
1389 log_warn(
LD_BUG,
"What?? pending_entry_connections already contains %p! "
1390 "(Called from %s:%d.)",
1391 entry_conn, fname, lineno);
1392 #ifdef DEBUGGING_17659
1393 const char *f2 = entry_conn->marked_pending_circ_file;
1394 log_warn(
LD_BUG,
"(Previously called from %s:%d.)\n",
1396 entry_conn->marked_pending_circ_line);
1402 #ifdef DEBUGGING_17659
1403 entry_conn->marked_pending_circ_line = (uint16_t) lineno;
1404 entry_conn->marked_pending_circ_file = fname;
1407 untried_pending_connections = 1;
1445 log_warn(
LD_BUG,
"What was %p doing in pending_entry_connections in %s?",
1464 if (conn->marked_for_close ||
1486 log_info(
LD_APP,
"Closing one-hop stream to '%s/%s' because the OR conn "
1489 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1490 } SMARTLIST_FOREACH_END(conn);
1505 if (conn->marked_for_close ||
1514 NNF_NO_WARN_UNNAMED);
1516 if (!r1 || !r2 || r1 != r2)
1520 log_info(
LD_APP,
"Giving up on enclave exit '%s' for destination %s.",
1538 } SMARTLIST_FOREACH_END(conn);
1546 CONNECTION_AP_EXPECT_NONPENDING(conn);
1564 ENTRY_TO_CONN(conn)->timestamp_last_read_allowed = time(NULL);
1580 connection_ap_mark_as_pending_circuit(conn);
1598 log_warn(
LD_APP,
"Application request to port %d: this port is "
1599 "commonly used for unencrypted protocols. Please make sure "
1600 "you don't send anything you would mind the rest of the "
1601 "Internet reading!%s", port, reject ?
" Closing." :
"");
1603 port, reject ?
"REJECT" :
"WARN");
1607 log_info(
LD_APP,
"Port %d listed in RejectPlaintextPorts. Closing.", port);
1608 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
1621 #define REND_SERVICE_ID_LEN_BASE32 16
1623 if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
1626 if (strspn(query,
BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
1663 s = strrchr(address,
'.');
1665 *type_out = NORMAL_HOSTNAME;
1668 if (!strcmp(s+1,
"exit")) {
1670 *type_out = EXIT_HOSTNAME;
1673 if (strcmp(s+1,
"onion")) {
1674 *type_out = NORMAL_HOSTNAME;
1681 q = strrchr(address,
'.');
1683 *type_out = BAD_HOSTNAME;
1686 q = (NULL == q) ? address : q + 1;
1689 *type_out = BAD_HOSTNAME;
1693 memmove(address, q, strlen(q) + 1 );
1696 if (strlen(query) == REND_SERVICE_ID_LEN_BASE32) {
1697 *type_out = ONION_V2_HOSTNAME;
1706 *type_out = ONION_V3_HOSTNAME;
1714 *type_out = BAD_HOSTNAME;
1722 const bool is_onion = (*type_out == ONION_V2_HOSTNAME) ||
1723 (*type_out == ONION_V3_HOSTNAME);
1724 log_warn(
LD_APP,
"Invalid %shostname %s; rejecting",
1725 is_onion ?
"onion " :
"",
1726 safe_str_client(address));
1727 if (*type_out == ONION_V3_HOSTNAME) {
1728 *type_out = BAD_HOSTNAME;
1736 #define TRACKHOSTEXITS_RETRIES 5
1764 rewrite_result_t *out)
1773 out->map_expires = TIME_MAX;
1774 out->end_reason = 0;
1775 out->should_close = 0;
1776 out->orig_address[0] = 0;
1781 strlcpy(out->orig_address, socks->
address,
sizeof(out->orig_address));
1782 log_debug(
LD_APP,
"Client asked for %s:%d",
1783 safe_str_client(socks->
address),
1790 static ratelim_t exit_warning_limit = RATELIM_INIT(60*15);
1792 "The \".exit\" notation is disabled in Tor due to "
1796 out->end_reason = END_STREAM_REASON_TORPROTOCOL;
1797 out->should_close = 1;
1816 const unsigned rewrite_flags = AMR_FLAG_USE_MAPADDRESS;
1818 rewrite_flags, &out->map_expires, &out->exit_source)) {
1838 const char *new_addr;
1841 int addr_type = RESOLVED_TYPE_IPV4;
1843 if (!conn->entry_cfg.ipv4_traffic ||
1844 (conn->entry_cfg.ipv6_traffic && conn->entry_cfg.prefer_ipv6) ||
1846 addr_type = RESOLVED_TYPE_IPV6;
1853 addr_type, tor_strdup(socks->
address));
1855 log_warn(
LD_APP,
"Unable to automap address %s",
1857 out->end_reason = END_STREAM_REASON_INTERNAL;
1858 out->should_close = 1;
1861 log_info(
LD_APP,
"Automapping %s to %s",
1863 safe_str_client(new_addr));
1872 unsigned rewrite_flags = 0;
1874 rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
1875 if (conn->entry_cfg.use_cached_ipv6_answers)
1876 rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
1879 rewrite_flags, &out->map_expires)) {
1880 char *result = tor_strdup(socks->
address);
1885 strlen(result), (uint8_t*)result,
1889 out->end_reason = END_STREAM_REASON_DONE |
1891 out->should_close = 1;
1903 &addr, socks->
address, AF_UNSPEC, 1);
1904 if (ok == 1 && tor_addr_is_internal(&addr, 0)) {
1906 0, NULL, -1, TIME_MAX);
1909 out->should_close = 1;
1924 unsigned rewrite_flags = AMR_FLAG_USE_AUTOMAP | AMR_FLAG_USE_TRACKEXIT;
1927 rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
1928 if (conn->entry_cfg.use_cached_ipv6_answers)
1929 rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
1931 rewrite_flags, &out->map_expires, &exit_source2)) {
1938 out->exit_source = exit_source2;
1951 log_warn(
LD_APP,
"Missing mapping for virtual address '%s'. Refusing.",
1952 safe_str_client(socks->
address));
1953 out->end_reason = END_STREAM_REASON_INTERNAL;
1954 out->should_close = 1;
1971 if (!conn->entry_cfg.onion_traffic) {
1972 log_warn(
LD_APP,
"Onion address %s requested from a port with .onion "
1973 "disabled", safe_str_client(socks->
address));
1974 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
1980 if (SOCKS_COMMAND_IS_RESOLVE(socks->
command)) {
1984 "Resolve requests to hidden services not allowed. Failing.");
1986 0,NULL,-1,TIME_MAX);
1987 connection_mark_unattached_ap(conn,
1996 log_warn(
LD_CONTROL,
"Attachstream to a circuit is not "
1997 "supported for .onion addresses currently. Failing.");
1998 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2002 int descriptor_is_usable = 0;
2011 log_warn(
LD_GENERAL,
"failed to parse hs address");
2019 unsigned int refetch_desc = 0;
2022 descriptor_is_usable =
2025 log_info(
LD_GENERAL,
"Found %s descriptor in cache for %s. %s.",
2026 (descriptor_is_usable) ?
"usable" :
"unusable",
2027 safe_str_client(socks->
address),
2028 (descriptor_is_usable) ?
"Not fetching." :
"Refetching.");
2031 log_info(
LD_REND,
"No descriptor found in our cache for %s. Fetching.",
2032 safe_str_client(socks->
address));
2044 if (refetch_desc || !descriptor_is_usable) {
2071 log_info(
LD_REND,
"Descriptor is here. Great.");
2076 connection_ap_mark_as_pending_circuit(conn);
2103 time_t now = time(NULL);
2104 rewrite_result_t rr;
2109 memset(&rr, 0,
sizeof(rr));
2110 connection_ap_handshake_rewrite(conn,&rr);
2112 if (rr.should_close) {
2116 connection_mark_unattached_ap(conn, rr.end_reason);
2123 const time_t map_expires = rr.map_expires;
2124 const int automap = rr.automap;
2133 if (addresstype == BAD_HOSTNAME) {
2136 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2146 if (addresstype == EXIT_HOSTNAME) {
2151 const node_t *node = NULL;
2159 log_warn(
LD_APP,
"Stale automapped address for '%s.exit'. Refusing.",
2160 safe_str_client(socks->
address));
2163 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2173 log_warn(
LD_BUG,
"Address '%s.exit', with impossible source for the "
2174 ".exit part. Refusing.",
2175 safe_str_client(socks->
address));
2178 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2189 char *s = strrchr(socks->
address,
'.');
2204 log_warn(
LD_APP,
"Malformed exit address '%s.exit'. Refusing.",
2205 safe_str_client(socks->
address));
2208 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2226 "Unrecognized relay in exit address '%s.exit'. Refusing.",
2227 safe_str_client(socks->
address));
2228 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2234 "Excluded relay in exit address '%s.exit'. Refusing.",
2235 safe_str_client(socks->
address));
2236 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2245 if (addresstype != ONION_V3_HOSTNAME && addresstype != ONION_V2_HOSTNAME) {
2256 "Destination '%s' seems to be an invalid hostname. Failing.",
2257 safe_str_client(socks->
address));
2258 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2273 if (!conn->entry_cfg.dns_request && !conn->entry_cfg.ipv4_traffic
2274 && !conn->entry_cfg.ipv6_traffic) {
2275 log_warn(
LD_APP,
"Refusing to connect to non-hidden-service hostname "
2276 "or IP address %s because Port has OnionTrafficOnly set (or "
2277 "NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).",
2278 safe_str_client(socks->
address));
2279 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2288 if (socks_family == -1) {
2289 if (!conn->entry_cfg.dns_request) {
2290 log_warn(
LD_APP,
"Refusing to connect to hostname %s "
2291 "because Port has NoDNSRequest set.",
2292 safe_str_client(socks->
address));
2293 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2296 }
else if (socks_family == AF_INET) {
2297 if (!conn->entry_cfg.ipv4_traffic) {
2298 log_warn(
LD_APP,
"Refusing to connect to IPv4 address %s because "
2299 "Port has NoIPv4Traffic set.",
2300 safe_str_client(socks->
address));
2301 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2304 }
else if (socks_family == AF_INET6) {
2305 if (!conn->entry_cfg.ipv6_traffic) {
2306 log_warn(
LD_APP,
"Refusing to connect to IPv6 address %s because "
2307 "Port has NoIPv6Traffic set.",
2308 safe_str_client(socks->
address));
2309 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2313 tor_assert_nonfatal_unreached_once();
2324 strlcpy(socks->
address, rr.orig_address,
sizeof(socks->
address));
2327 connection_mark_unattached_ap(conn,
2328 END_STREAM_REASON_DONE |
2339 if (socks->
port == 0) {
2340 log_notice(
LD_APP,
"Application asked to connect to port 0. Refusing.");
2341 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2355 tor_addr_is_internal(&addr, 0))) {
2360 #define WARN_INTRVL_LOOP 300
2361 static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTRVL_LOOP);
2365 "Rejecting request for anonymous connection to private "
2366 "address %s on a TransPort or NATDPort. Possible loop "
2367 "in your NAT rules?%s", safe_str_client(socks->
address),
2372 #define WARN_INTRVL_PRIV 300
2373 static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTRVL_PRIV);
2377 "Rejecting SOCKS request for anonymous connection to "
2378 "private address %s.%s",
2379 safe_str_client(socks->
address),m);
2399 if ((family == AF_INET && ! conn->entry_cfg.ipv4_traffic) ||
2400 (family == AF_INET6 && ! conn->entry_cfg.ipv6_traffic)) {
2403 log_warn(
LD_NET,
"Rejecting SOCKS request for an IP address "
2404 "family that this listener does not support.");
2405 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2407 }
else if (family == AF_INET6 && socks->
socks_version == 4) {
2410 log_warn(
LD_NET,
"Rejecting SOCKS4 request for an IPv6 address.");
2411 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2414 !conn->entry_cfg.ipv4_traffic) {
2418 log_warn(
LD_NET,
"Rejecting SOCKS4 request on a listener with "
2419 "no IPv4 traffic supported.");
2420 connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2422 }
else if (family == AF_INET6) {
2425 conn->entry_cfg.ipv4_traffic = 0;
2426 }
else if (family == AF_INET) {
2429 conn->entry_cfg.ipv6_traffic = 0;
2441 log_warn(
LD_APP,
"Not attempting connection to %s:%d because "
2442 "the network would reject it. Are you trying to send "
2443 "Tor traffic over Tor? This traffic can be harmful to "
2444 "the Tor network. If you really need it, try using "
2445 "a bridge as a workaround.",
2447 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2455 conn->entry_cfg.ipv6_traffic = 0;
2469 "Redirecting address %s to exit at enclave router %s",
2513 connection_ap_mark_as_pending_circuit(conn);
2532 if (addresstype == ONION_V2_HOSTNAME) {
2533 log_warn(
LD_PROTOCOL,
"Tried to connect to a v2 onion address, but this "
2534 "version of Tor no longer supports them. Please encourage the "
2535 "site operator to upgrade. For more information see "
2536 "https://blog.torproject.org/v2-deprecation-timeline.");
2539 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2543 tor_assert(addresstype == ONION_V3_HOSTNAME);
2552 static int pf_socket = -1;
2561 #if defined(OpenBSD)
2570 log_warn(
LD_NET,
"open(\"/dev/pf\") failed: %s", strerror(errno));
2579 #if defined(TRANS_NETFILTER) || defined(TRANS_PF) || \
2580 defined(TRANS_TPROXY)
2586 struct sockaddr_storage orig_dst;
2587 socklen_t orig_dst_len =
sizeof(orig_dst);
2592 if (getsockname(
ENTRY_TO_CONN(conn)->s, (
struct sockaddr*)&orig_dst,
2593 &orig_dst_len) < 0) {
2595 log_warn(
LD_NET,
"getsockname() failed: %s", tor_socket_strerror(e));
2602 #ifdef TRANS_NETFILTER
2605 #ifdef TRANS_NETFILTER_IPV4
2607 rv = getsockopt(
ENTRY_TO_CONN(conn)->s, SOL_IP, SO_ORIGINAL_DST,
2608 (
struct sockaddr*)&orig_dst, &orig_dst_len);
2611 #ifdef TRANS_NETFILTER_IPV6
2613 rv = getsockopt(
ENTRY_TO_CONN(conn)->s, SOL_IPV6, IP6T_SO_ORIGINAL_DST,
2614 (
struct sockaddr*)&orig_dst, &orig_dst_len);
2618 log_warn(
LD_BUG,
"Received transparent data from an unsupported "
2625 log_warn(
LD_NET,
"getsockopt() failed: %s", tor_socket_strerror(e));
2629 #elif defined(TRANS_PF)
2630 if (getsockname(
ENTRY_TO_CONN(conn)->s, (
struct sockaddr*)&orig_dst,
2631 &orig_dst_len) < 0) {
2633 log_warn(
LD_NET,
"getsockname() failed: %s", tor_socket_strerror(e));
2640 log_warn(
LD_BUG,
"Unable to determine destination from socket.");
2656 struct sockaddr_storage proxy_addr;
2657 socklen_t proxy_addr_len =
sizeof(proxy_addr);
2658 struct sockaddr *proxy_sa = (
struct sockaddr*) &proxy_addr;
2659 struct pfioc_natlook pnl;
2663 if (getsockname(
ENTRY_TO_CONN(conn)->s, (
struct sockaddr*)&proxy_addr,
2664 &proxy_addr_len) < 0) {
2666 log_warn(
LD_NET,
"getsockname() to determine transocks destination "
2667 "failed: %s", tor_socket_strerror(e));
2672 if (
get_options()->TransProxyType_parsed == TPT_IPFW) {
2686 memset(&pnl, 0,
sizeof(pnl));
2687 pnl.proto = IPPROTO_TCP;
2688 pnl.direction = PF_OUT;
2689 if (proxy_sa->sa_family == AF_INET) {
2690 struct sockaddr_in *sin = (
struct sockaddr_in *)proxy_sa;
2694 pnl.daddr.v4.s_addr = sin->sin_addr.s_addr;
2695 pnl.dport = sin->sin_port;
2696 }
else if (proxy_sa->sa_family == AF_INET6) {
2703 memcpy(&pnl.saddr.v6, dest_in6,
sizeof(
struct in6_addr));
2705 memcpy(&pnl.daddr.v6, &sin6->sin6_addr,
sizeof(
struct in6_addr));
2706 pnl.dport = sin6->sin6_port;
2708 log_warn(
LD_NET,
"getsockname() gave an unexpected address family (%d)",
2709 (
int)proxy_sa->sa_family);
2713 pf = get_pf_socket();
2717 if (ioctl(pf, DIOCNATLOOK, &pnl) < 0) {
2718 log_warn(
LD_NET,
"ioctl(DIOCNATLOOK) failed: %s", strerror(errno));
2722 if (pnl.af == AF_INET) {
2724 }
else if (pnl.af == AF_INET6) {
2732 req->
port = ntohs(pnl.rdport);
2749 #ifdef TRANS_NETFILTER
2750 return destination_from_socket(conn, req);
2751 #elif defined(TRANS_PF)
2755 return destination_from_socket(conn, req);
2759 return destination_from_pf(conn, req);
2763 log_warn(
LD_BUG,
"Proxy destination determination mechanism %s unknown.",
2769 log_warn(
LD_BUG,
"Called connection_ap_get_original_destination, but no "
2770 "transparent proxy method was configured.");
2800 log_debug(
LD_APP,
"entered.");
2807 connection_buf_add((
const char*)socks->
reply, socks->
replylen,
2810 if (sockshere == -1) {
2817 if (sockshere == 0) {
2818 log_debug(
LD_APP,
"socks handshake not all here yet.");
2820 }
else if (sockshere == -1) {
2822 log_warn(
LD_APP,
"Fetching socks handshake failed. Closing.");
2826 connection_mark_unattached_ap(conn,
2832 if (SOCKS_COMMAND_IS_CONNECT(socks->
command))
2861 log_debug(
LD_APP,
"entered.");
2864 log_warn(
LD_APP,
"Fetching original destination failed. Closing.");
2865 connection_mark_unattached_ap(conn,
2890 char tmp_buf[36], *tbuf, *daddr;
2900 log_debug(
LD_APP,
"entered.");
2908 log_warn(
LD_APP,
"NATD handshake failed (DEST too long). Closing");
2914 log_warn(
LD_APP,
"NATD handshake was ill-formed; closing. The client "
2921 daddr = tbuf = &tmp_buf[0] + 6;
2922 if (!(tbuf = strchr(tbuf,
' '))) {
2923 log_warn(
LD_APP,
"NATD handshake was ill-formed; closing. The client "
2934 socks->
port = (uint16_t)
2937 log_warn(
LD_APP,
"NATD handshake failed; port %s is ill-formed or out "
2953 static const char HTTP_CONNECT_IS_NOT_AN_HTTP_PROXY_MSG[] =
2954 "HTTP/1.0 405 Method Not Allowed\r\n"
2955 "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
2958 "<title>This is an HTTP CONNECT tunnel, not a full HTTP Proxy</title>\n"
2961 "<h1>This is an HTTP CONNECT tunnel, not an HTTP proxy.</h1>\n"
2963 "It appears you have configured your web browser to use this Tor port as\n"
2966 "This is not correct: This port is configured as a CONNECT tunnel, not\n"
2967 "an HTTP proxy. Please configure your client accordingly. You can also\n"
2968 "use HTTPS; then the client should automatically use HTTP CONNECT."
2971 "See <a href=\"https://www.torproject.org/documentation.html\">"
2972 "https://www.torproject.org/documentation.html</a> for more "
2990 char *headers = NULL, *body = NULL;
2991 char *
command = NULL, *addrport = NULL;
2995 const char *errmsg = NULL;
2998 const int http_status =
3000 &body, &bodylen, 1024, 0);
3001 if (http_status < 0) {
3003 errmsg =
"HTTP/1.0 400 Bad Request\r\n\r\n";
3005 }
else if (http_status == 0) {
3011 if (cmd_status < 0) {
3012 errmsg =
"HTTP/1.0 400 Bad Request\r\n\r\n";
3017 if (strcasecmp(
command,
"connect")) {
3018 errmsg = HTTP_CONNECT_IS_NOT_AN_HTTP_PROXY_MSG;
3026 errmsg =
"HTTP/1.0 400 Bad Request\r\n\r\n";
3029 if (strlen(addr) >= MAX_SOCKS_ADDR_LEN) {
3030 errmsg =
"HTTP/1.0 414 Request-URI Too Long\r\n\r\n";
3037 char *authorization =
http_get_header(headers,
"Proxy-Authorization: ");
3038 if (authorization) {
3042 char *isolation =
http_get_header(headers,
"X-Tor-Stream-Isolation: ");
3063 if (BUG(errmsg == NULL))
3064 errmsg =
"HTTP/1.0 400 Bad Request\r\n\r\n";
3065 log_info(
LD_EDGE,
"HTTP tunnel error: saying %s",
escaped(errmsg));
3066 connection_buf_add(errmsg, strlen(errmsg),
ENTRY_TO_CONN(conn));
3070 connection_mark_unattached_ap(conn,
3091 uint32_t attempts=0;
3095 if (++attempts > 1<<16) {
3097 log_warn(
LD_APP,
"No unused stream IDs. Failing.");
3100 if (test_stream_id == 0)
3103 if (tmpconn->
stream_id == test_stream_id)
3110 return test_stream_id;
3138 const node_t *exitnode = NULL;
3151 if (ap_conn->entry_cfg.ipv4_traffic && !ap_conn->entry_cfg.ipv6_traffic)
3154 if (! cpath_layer ||
3158 if (!ap_conn->entry_cfg.ipv4_traffic)
3163 if (ap_conn->entry_cfg.ipv6_traffic && exitnode) {
3178 if (ap_conn->entry_cfg.prefer_ipv6)
3183 log_warn(
LD_EDGE,
"I'm about to ask a node for a connection that I "
3184 "am telling it to fulfil with neither IPv4 nor IPv6. That's "
3185 "not going to work. Did you perhaps ask for an IPv6 address "
3186 "on an IPv4Only port, or vice versa?");
3219 connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3234 payload_len = (int)strlen(payload)+1;
3235 if (payload_len <= RELAY_PAYLOAD_SIZE - 4 && edge_conn->begincell_flags) {
3236 set_uint32(payload + payload_len, htonl(edge_conn->begincell_flags));
3241 "Sending relay cell %d on circ %u to begin stream %d.",
3247 RELAY_COMMAND_BEGIN_DIR : RELAY_COMMAND_BEGIN;
3250 if (begin_type == RELAY_COMMAND_BEGIN) {
3254 assert_circ_anonymity_ok(circ, options);
3255 }
else if (begin_type == RELAY_COMMAND_BEGIN_DIR) {
3259 if (BUG(!base_conn->
linked)) {
3265 if (!linked_dir_conn_base) {
3273 TO_DIR_CONN(linked_dir_conn_base)->router_purpose,
3274 TO_DIR_CONN(linked_dir_conn_base)->requested_resource)) {
3275 assert_circ_anonymity_ok(circ, options);
3280 tor_assert_unreached();
3284 begin_type == RELAY_COMMAND_BEGIN ? payload : NULL,
3285 begin_type == RELAY_COMMAND_BEGIN ? payload_len : 0) < 0)
3291 log_info(
LD_APP,
"Address/port sent, ap socket "TOR_SOCKET_T_FORMAT
3293 base_conn->
s, (
unsigned)circ->base_.
n_circ_id);
3297 if ((connection_get_inbuf_len(base_conn) ||
3298 ap_conn->sending_optimistic_data) &&
3300 log_info(
LD_APP,
"Sending up to %ld + %ld bytes of queued-up data",
3301 (
long)connection_get_inbuf_len(base_conn),
3302 ap_conn->sending_optimistic_data ?
3303 (
long)
buf_datalen(ap_conn->sending_optimistic_data) : 0);
3305 connection_mark_for_close(base_conn);
3321 const char *string_addr;
3341 connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3350 payload_len = (int)strlen(string_addr)+1;
3361 log_warn(
LD_APP,
"Rejecting ill-formed reverse lookup of %s",
3362 safe_str_client(a));
3363 connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3369 log_warn(
LD_BUG,
"Couldn't generate reverse lookup hostname of %s",
3370 safe_str_client(a));
3371 connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3375 string_addr = inaddr_buf;
3376 payload_len = (int)strlen(inaddr_buf)+1;
3377 tor_assert(payload_len <= (
int)
sizeof(inaddr_buf));
3381 "Sending relay cell to begin stream %d.", edge_conn->
stream_id);
3384 RELAY_COMMAND_RESOLVE,
3385 string_addr, payload_len) < 0)
3393 log_info(
LD_APP,
"Address sent for resolve, ap socket "TOR_SOCKET_T_FORMAT
3395 base_conn->
s, (
unsigned)circ->base_.
n_circ_id);
3409 char *address, uint16_t port,
3411 int session_group,
int isolation_flags,
3412 int use_begindir,
int want_onehop)
3417 log_info(
LD_APP,
"Making internal %s tunnel to %s:%d ...",
3418 want_onehop ?
"direct" :
"anonymized",
3419 safe_str_client(address), port);
3450 base_conn->
address = tor_strdup(
"(Tor_internal)");
3452 base_conn->
port = 0;
3456 if (connection_add(base_conn) < 0) {
3457 connection_free(base_conn);
3466 connection_ap_mark_as_pending_circuit(conn);
3467 log_info(
LD_APP,
"... application connection created and linked.");
3482 uint64_t stream_id = 0;
3490 expires = time(NULL) + ttl;
3491 if (answer_type == RESOLVED_TYPE_IPV4 && answer_len >= 4) {
3495 cp, expires, NULL, 0, stream_id);
3497 }
else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3498 char *cp = tor_strndup(answer, answer_len);
3500 cp, expires, NULL, 0, stream_id);
3504 "<error>", time(NULL)+ttl,
3505 "error=yes", 0, stream_id);
3530 log_warn(
LD_BUG,
"Got called with address of unexpected family %d",
3533 RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
3550 const uint8_t *answer,
3558 if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3566 }
else if (answer_type == RESOLVED_TYPE_IPV6 && answer_len == 16) {
3574 }
else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3575 char *cp = tor_strndup((
char*)answer, answer_len);
3595 (
char*)answer, ttl, expires);
3604 if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3605 buf[1] = SOCKS4_GRANTED;
3607 memcpy(buf+4, answer, 4);
3610 buf[1] = SOCKS4_REJECT;
3611 memset(buf+2, 0, 6);
3617 if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3618 buf[1] = SOCKS5_SUCCEEDED;
3621 memcpy(buf+4, answer, 4);
3624 }
else if (answer_type == RESOLVED_TYPE_IPV6 && answer_len == 16) {
3625 buf[1] = SOCKS5_SUCCEEDED;
3628 memcpy(buf+4, answer, 16);
3631 }
else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3632 buf[1] = SOCKS5_SUCCEEDED;
3635 buf[4] = (char)answer_len;
3636 memcpy(buf+5, answer, answer_len);
3638 replylen = 5+answer_len+2;
3640 buf[1] = SOCKS5_HOST_UNREACHABLE;
3641 memset(buf+2, 0, 8);
3649 (answer_type == RESOLVED_TYPE_IPV4 ||
3650 answer_type == RESOLVED_TYPE_IPV6 ||
3651 answer_type == RESOLVED_TYPE_HOSTNAME) ?
3652 0 : END_STREAM_REASON_RESOLVEFAILED);
3666 size_t replylen,
int endreason)
3682 STREAM_EVENT_SUCCEEDED : STREAM_EVENT_FAILED,
3688 if (status == SOCKS5_SUCCEEDED ||
3689 endreason == END_STREAM_REASON_RESOLVEFAILED ||
3690 endreason == END_STREAM_REASON_CONNECTREFUSED ||
3691 endreason == END_STREAM_REASON_CONNRESET ||
3692 endreason == END_STREAM_REASON_NOROUTE ||
3693 endreason == END_STREAM_REASON_RESOURCELIMIT) {
3696 if (endreason != END_STREAM_REASON_RESOLVEFAILED) {
3698 "No origin circuit for successful SOCKS stream %"PRIu64
3720 log_warn(
LD_BUG,
"(Harmless.) duplicate calls to "
3721 "connection_ap_handshake_socks_reply.");
3733 response =
"HTTP/1.0 400 Bad Request\r\n\r\n";
3735 connection_buf_add(response, strlen(response),
ENTRY_TO_CONN(conn));
3738 buf[1] = (status==SOCKS5_SUCCEEDED ? SOCKS4_GRANTED : SOCKS4_REJECT);
3743 memset(buf,0,
sizeof(buf));
3746 buf[1] = (char)status;
3753 buf[1] = (char)status;
3777 uint8_t *end_reason_out)
3780 const uint8_t *body, *nul;
3782 memset(bcell, 0,
sizeof(*bcell));
3783 *end_reason_out = END_STREAM_REASON_MISC;
3792 if (rh.
command == RELAY_COMMAND_BEGIN_DIR) {
3793 bcell->is_begindir = 1;
3795 }
else if (rh.
command != RELAY_COMMAND_BEGIN) {
3796 log_warn(
LD_BUG,
"Got an unexpected command %d", (
int)rh.
command);
3797 *end_reason_out = END_STREAM_REASON_INTERNAL;
3802 nul = memchr(body, 0, rh.
length);
3805 "Relay begin cell has no \\0. Closing.");
3806 *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3812 &bcell->address,&bcell->port)<0) {
3814 "Unable to parse addr:port in relay begin cell. Closing.");
3815 *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3818 if (bcell->port == 0) {
3820 "Missing port in relay begin cell. Closing.");
3822 *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3825 if (body + rh.
length >= nul + 4)
3845 log_debug(
LD_REND,
"Connecting the hidden service rendezvous circuit "
3846 "to the service destination.");
3849 conn->base_.
address = tor_strdup(
"(rendezvous)");
3864 log_info(
LD_REND,
"Didn't find rendezvous service at %s",
3873 END_STREAM_REASON_DONE,
3905 if (conn->hs_ident) {
3908 export_hs_client_circuit_id(conn, circuit_id_protocol);
3942 char *address = NULL;
3950 uint8_t end_reason=0;
3963 return -END_CIRC_REASON_TORPROTOCOL;
3968 "Relay begin cell at non-server. Closing.");
3970 END_STREAM_REASON_EXITPOLICY, NULL);
3976 return -END_CIRC_REASON_TORPROTOCOL;
3977 }
else if (rv == -1) {
3983 if (! bcell.is_begindir) {
3986 address = bcell.address;
3989 if (or_circ && or_circ->
p_chan) {
3999 "Attempt by %s to open a stream %s. Closing.",
4001 client_chan ?
"on first hop of circuit" :
4002 "from unknown relay");
4005 END_STREAM_REASON_TORPROTOCOL :
4006 END_STREAM_REASON_MISC,
4012 }
else if (rh.
command == RELAY_COMMAND_BEGIN_DIR) {
4016 END_STREAM_REASON_NOTDIRECTORY, layer_hint);
4024 if (or_circ && or_circ->
p_chan &&
4028 address = tor_strdup(
"127.0.0.1");
4034 log_warn(
LD_BUG,
"Got an unexpected command %d", (
int)rh.
command);
4036 END_STREAM_REASON_INTERNAL, layer_hint);
4047 END_STREAM_REASON_EXITPOLICY, layer_hint);
4052 log_debug(LD_EXIT,
"Creating new exit connection.");
4062 n_stream->begincell_flags = bcell.flags;
4064 n_stream->base_.
port = port;
4083 n_stream->base_.
address = address;
4090 END_STREAM_REASON_HIBERNATING, NULL);
4097 if (rh.
command == RELAY_COMMAND_BEGIN_DIR) {
4107 log_debug(LD_EXIT,
"about to start the dns_resolve().");
4113 log_debug(LD_EXIT,
"about to call connection_exit_connect().");
4118 END_STREAM_REASON_RESOLVEFAILED, NULL);
4153 dummy_conn->base_.
address = tor_strndup(
4156 dummy_conn->base_.
port = 0;
4184 const char **why_rejected)
4190 *why_rejected =
" (IPv6 address without IPv6Exit configured)";
4218 int socket_error = 0, result;
4219 const char *why_failed_exit_policy = NULL;
4224 edge_conn->base_.
port,
4225 &why_failed_exit_policy)) {
4226 if (BUG(!why_failed_exit_policy))
4227 why_failed_exit_policy =
"";
4228 log_info(LD_EXIT,
"%s failed exit policy%s. Closing.",
4230 why_failed_exit_policy);
4233 connection_free(conn);
4256 log_info(LD_EXIT,
"%s tried to connect back to a known relay address. "
4260 connection_free(conn);
4264 #ifdef HAVE_SYS_UN_H
4275 log_debug(LD_EXIT,
"about to try connecting");
4277 addr, port, &socket_error);
4278 #ifdef HAVE_SYS_UN_H
4288 log_debug(LD_EXIT,
"about to try connecting");
4289 result = connection_connect_unix(conn, conn->
address, &socket_error);
4298 connection_free(conn);
4312 if (connection_get_outbuf_len(conn)) {
4323 RELAY_COMMAND_CONNECTED,
4327 int connected_payload_len =
4330 if (connected_payload_len < 0) {
4333 connection_free(conn);
4338 RELAY_COMMAND_CONNECTED,
4339 (
char*)connected_payload,
4340 connected_payload_len);
4357 log_info(LD_EXIT,
"Opening local connection for anonymized directory exit");
4364 dirconn->base_.
port = 0;
4376 if (connection_add(
TO_CONN(exitconn))<0) {
4387 if (connection_add(
TO_CONN(dirconn))<0) {
4390 connection_mark_for_close(
TO_CONN(exitconn));
4399 RELAY_COMMAND_CONNECTED, NULL, 0) < 0) {
4400 connection_mark_for_close(
TO_CONN(exitconn));
4401 connection_mark_for_close(
TO_CONN(dirconn));
4416 if (conn->hs_ident) {
4441 const node_t *chosen_exit =
4462 }
else if (!conn->entry_cfg.ipv4_traffic && conn->entry_cfg.ipv6_traffic) {
4465 }
else if (conn->entry_cfg.ipv4_traffic && !conn->entry_cfg.ipv6_traffic) {
4494 memeq_opt(
const char *a,
size_t alen,
const char *b,
size_t blen)
4498 }
else if (b == NULL) {
4500 }
else if (alen != blen) {
4535 log_warn(
LD_BUG,
"Reached connection_edge_compatible_with_circuit without "
4536 "having set conn->original_dest_address");
4553 circ->socks_username, circ->socks_username_len) ||
4555 circ->socks_password, circ->socks_password_len)))
4588 log_warn(
LD_BUG,
"Reached connection_update_circuit_isolation without "
4589 "having set conn->original_dest_address");
4606 circ->socks_username = sr->
username ?
4608 circ->socks_password = sr->
password ?
4622 circ->socks_username, circ->socks_username_len) ||
4624 circ->socks_password, circ->socks_password_len))
4640 log_warn(
LD_BUG,
"Updating a circuit with seemingly incompatible "
4641 "isolation flags.");
4663 log_warn(
LD_BUG,
"Tried to clear the isolation status of a dirty circuit");
4667 log_warn(
LD_BUG,
"Tried to clear the isolation status of a non-open "
4675 circ->client_proto_type = 0;
4676 circ->client_proto_socksver = 0;
4677 circ->dest_port = 0;
4680 circ->session_group = -1;
4681 circ->nym_epoch = 0;
4682 if (circ->socks_username) {
4683 memwipe(circ->socks_username, 0x11, circ->socks_username_len);
4686 if (circ->socks_password) {
4687 memwipe(circ->socks_password, 0x05, circ->socks_password_len);
4690 circ->socks_username_len = circ->socks_password_len = 0;
4709 connection_mark_for_close(
TO_CONN(conn));
4716 untried_pending_connections = 0;
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
void tor_addr_make_unspec(tor_addr_t *a)
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
int tor_addr_hostname_is_local(const char *name)
int tor_addr_parse(tor_addr_t *addr, const char *src)
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
char * tor_addr_to_str_dup(const tor_addr_t *addr)
int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out)
int tor_addr_is_null(const tor_addr_t *addr)
int tor_addr_parse_PTR_name(tor_addr_t *result, const char *address, int family, int accept_regular)
char * tor_dup_ip(uint32_t addr)
void tor_addr_from_in6(tor_addr_t *dest, const struct in6_addr *in6)
int tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa, uint16_t *port_out)
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
int tor_addr_to_PTR_name(char *out, size_t outlen, const tor_addr_t *addr)
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
#define REVERSE_LOOKUP_NAME_BUF_LEN
static sa_family_t tor_addr_family(const tor_addr_t *a)
static const struct in6_addr * tor_addr_to_in6(const tor_addr_t *a)
#define tor_addr_to_in6_addr8(x)
#define tor_addr_eq(a, b)
void client_dns_set_reverse_addressmap(entry_connection_t *for_conn, const char *address, const char *v, const char *exitname, int ttl)
void clear_trackexithost_mappings(const char *exitname)
int address_is_in_virtual_range(const char *address)
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
int addressmap_rewrite(char *address, size_t maxlen, unsigned flags, time_t *expires_out, addressmap_entry_source_t *exit_source_out)
int addressmap_address_should_automap(const char *address, const or_options_t *options)
const char * addressmap_register_virtual_address(int type, char *new_address)
int addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags, time_t *expires_out)
const char * hex_str(const char *from, size_t fromlen)
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
size_t buf_datalen(const buf_t *buf)
int buf_set_to_copy(buf_t **output, const buf_t *input)
Header file for buffers.c.
static void set_uint16(void *cp, uint16_t v)
static void set_uint32(void *cp, uint32_t v)
static void set_uint8(void *cp, uint8_t v)
static uint32_t get_uint32(const void *cp)
Fixed-size cell structure.
int channel_is_client(const channel_t *chan)
int channel_get_addr_if_possible(const channel_t *chan, tor_addr_t *addr_out)
const char * channel_describe_peer(channel_t *chan)
Header file for channel.c.
void pathbias_mark_use_rollback(origin_circuit_t *circ)
void pathbias_mark_use_success(origin_circuit_t *circ)
const char * pathbias_state_to_string(path_state_t state)
Header file for circuitbuild.c.
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
const char * circuit_purpose_to_string(uint8_t purpose)
void assert_circuit_ok(const circuit_t *c)
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
const char * circuit_state_to_string(int state)
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_IS_CLIENT(p)
#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
#define CIRCUIT_STATE_OPEN
#define CIRCUIT_PURPOSE_C_REND_JOINED
#define CIRCUIT_PURPOSE_CONTROLLER
#define CIRCUIT_IS_ORIGIN(c)
#define CIRCUIT_PURPOSE_OR
#define CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_HSDIR_POST
#define CIRCUIT_PURPOSE_C_HSDIR_GET
#define CIRCUIT_PURPOSE_C_GENERAL
void circpad_machine_event_circ_has_streams(origin_circuit_t *circ)
Header file for circuitpadding.c.
void circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
int connection_ap_handshake_attach_circuit(entry_connection_t *conn)
int connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Header file for circuituse.c.
#define SUBTYPE_P(p, subtype, basemember)
mainloop_event_t * mainloop_event_postloop_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
void mainloop_event_activate(mainloop_event_t *event)
Header for compat_libevent.c.
const or_options_t * get_options(void)
const char * escaped_safe_str_client(const char *address)
tor_cmdline_mode_t command
const char * escaped_safe_str(const char *address)
Header file for config.c.
const char * conn_state_to_string(int type, int state)
void connection_link_connections(connection_t *conn_a, connection_t *conn_b)
dir_connection_t * dir_connection_new(int socket_family)
int connection_buf_get_line(connection_t *conn, char *data, size_t *data_len)
void connection_mark_for_close_(connection_t *conn, int line, const char *file)
edge_connection_t * edge_connection_new(int type, int socket_family)
void connection_close_immediate(connection_t *conn)
const char * connection_describe(const connection_t *conn)
int connection_state_is_open(connection_t *conn)
const char * connection_describe_peer(const connection_t *conn)
entry_connection_t * entry_connection_new(int type, int socket_family)
void connection_free_(connection_t *conn)
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Header file for connection.c.
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
#define CONN_TYPE_DIR_LISTENER
#define connection_mark_and_flush_(c, line, file)
int connection_edge_compatible_with_circuit(const entry_connection_t *conn, const origin_circuit_t *circ)
int connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
void connection_mark_unattached_ap_(entry_connection_t *conn, int endreason, int line, const char *file)
static uint32_t connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
void connection_edge_free_all(void)
void connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn)
static int connection_half_edge_compare_bsearch(const void *key, const void **member)
static size_t n_half_conns_allocated
int connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
static int connection_ap_supports_optimistic_data(const entry_connection_t *)
STATIC int connection_ap_process_http_connect(entry_connection_t *conn)
entry_connection_t * connection_ap_make_link(connection_t *partner, char *address, uint16_t port, const char *digest, int session_group, int isolation_flags, int use_begindir, int want_onehop)
#define MAX_CONNECTED_CELL_PAYLOAD_LEN
void connection_ap_expire_beginning(void)
void connection_ap_fail_onehop(const char *failed_digest, cpath_build_state_t *build_state)
static void connection_edge_about_to_close(edge_connection_t *edge_conn)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
STATIC int connected_cell_format_payload(uint8_t *payload_out, const tor_addr_t *addr, uint32_t ttl)
void connection_ap_rescan_and_attach_pending(void)
int connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
static int connection_ap_process_natd(entry_connection_t *conn)
const entry_connection_t * CONST_TO_ENTRY_CONN(const connection_t *c)
static int consider_plaintext_ports(entry_connection_t *conn, uint16_t port)
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
static smartlist_t * pending_entry_connections
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
void connection_exit_connect(edge_connection_t *edge_conn)
uint32_t clip_dns_ttl(uint32_t ttl)
static bool network_reentry_is_allowed(void)
int connection_ap_process_transparent(entry_connection_t *conn)
static int rend_valid_v2_service_id(const char *query)
void connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn, const char *fname, int lineno)
#define TRACKHOSTEXITS_RETRIES
static mainloop_event_t * attach_pending_entry_connections_ev
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_edge_finished_connecting(edge_connection_t *edge_conn)
int connection_edge_destroy(circid_t circ_id, edge_connection_t *conn)
static int connection_exit_connect_dir(edge_connection_t *exitconn)
int connection_edge_finished_flushing(edge_connection_t *conn)
static int my_exit_policy_rejects(const tor_addr_t *addr, uint16_t port, const char **why_rejected)
void circuit_clear_isolation(origin_circuit_t *circ)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
void connection_exit_about_to_close(edge_connection_t *edge_conn)
static int connection_ap_get_original_destination(entry_connection_t *conn, socks_request_t *req)
STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
int connection_edge_flushed_some(edge_connection_t *conn)
int connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_edge_update_circuit_isolation(const entry_connection_t *conn, origin_circuit_t *circ, int dry_run)
int connection_edge_reached_eof(edge_connection_t *conn)
static void tell_controller_about_resolved_result(entry_connection_t *conn, int answer_type, size_t answer_len, const char *answer, int ttl, time_t expires)
int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit_node)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_end_errno(edge_connection_t *conn)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
void connection_ap_attach_pending(int retry)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
static int connection_ap_handle_onion(entry_connection_t *conn, socks_request_t *socks, origin_circuit_t *circ)
STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell, uint8_t *end_reason_out)
void connection_ap_about_to_close(entry_connection_t *entry_conn)
static int relay_send_end_cell_from_edge(streamid_t stream_id, circuit_t *circ, uint8_t reason, crypt_path_t *cpath_layer)
const entry_connection_t * CONST_EDGE_TO_ENTRY_CONN(const edge_connection_t *c)
STATIC void connection_half_edge_add(const edge_connection_t *conn, origin_circuit_t *circ)
static int handle_hs_exit_conn(circuit_t *circ, edge_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
const edge_connection_t * CONST_TO_EDGE_CONN(const connection_t *c)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
STATIC half_edge_t * connection_half_edge_find_stream_id(const smartlist_t *half_conns, streamid_t stream_id)
static int memeq_opt(const char *a, size_t alen, const char *b, size_t blen)
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
void connection_entry_set_controller_wait(entry_connection_t *conn)
streamid_t get_unique_stream_id_by_circ(origin_circuit_t *circ)
void half_edge_free_(half_edge_t *he)
void circuit_discard_optional_exit_enclaves(extend_info_t *info)
static int connection_ap_handshake_process_socks(entry_connection_t *conn)
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
static int compute_retry_timeout(entry_connection_t *conn)
Header file for connection_edge.c.
#define AP_CONN_STATE_HTTP_CONNECT_WAIT
#define EXIT_CONN_STATE_CONNECTING
#define AP_CONN_STATE_CONTROLLER_WAIT
#define EXIT_CONN_STATE_OPEN
#define AP_CONN_STATE_SOCKS_WAIT
int address_is_invalid_destination(const char *address, int client)
#define BEGIN_FLAG_IPV6_PREFERRED
#define EXIT_CONN_STATE_RESOLVEFAILED
#define AP_CONN_STATE_IS_UNATTACHED(s)
#define AP_CONN_STATE_CONNECT_WAIT
#define AP_CONN_STATE_OPEN
#define EXIT_PURPOSE_CONNECT
#define AP_CONN_STATE_RESOLVE_WAIT
#define BEGIN_FLAG_IPV4_NOT_OK
#define AP_CONN_STATE_CIRCUIT_WAIT
#define EXIT_CONN_STATE_RESOLVING
#define AP_CONN_STATE_NATD_WAIT
#define AP_CONN_STATE_RENDDESC_WAIT
#define BEGIN_FLAG_IPV6_OK
#define EXIT_PURPOSE_RESOLVE
int connection_or_digest_is_known_relay(const char *id_digest)
Header file for connection_or.c.
int control_event_stream_bandwidth(edge_connection_t *edge_conn)
int control_event_client_status(int severity, const char *format,...)
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
int control_event_address_mapped(const char *from, const char *to, time_t expires, const char *error, const int cached, uint64_t stream_id)
Header file for control_events.c.
#define REMAP_STREAM_SOURCE_CACHE
Circuit-build-stse structure.
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
const char * node_describe(const node_t *node)
Header file for describe.c.
int tor_memeq(const void *a, const void *b, size_t sz)
#define tor_memneq(a, b, sz)
Client/server directory connection structure.
int purpose_needs_anonymity(uint8_t dir_purpose, uint8_t router_purpose, const char *resource)
dir_connection_t * TO_DIR_CONN(connection_t *c)
char * http_get_header(const char *headers, const char *which)
int parse_http_command(const char *headers, char **command_out, char **url_out)
Header file for directory.c.
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT
#define DIR_PURPOSE_SERVER
int directory_permits_begindir_requests(const or_options_t *options)
Header file for dirserv.c.
void connection_dns_remove(edge_connection_t *conn)
int dns_resolve(edge_connection_t *exitconn)
void dnsserv_reject_request(entry_connection_t *conn)
void dnsserv_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const char *answer, int ttl)
Header file for dnsserv.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
const char * escaped(const char *s)
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Header for core/or/extendinfo.c.
int tor_open_cloexec(const char *path, int flags, unsigned mode)
Half-open connection structure.
int we_are_hibernating(void)
Header file for hibernate.c.
const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key)
Header file for hs_cache.c.
Header file containing circuit data for the whole HS subsystem.
int hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk, const hs_descriptor_t *desc)
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
Header file containing client data for the HS subsystem.
@ HS_CLIENT_FETCH_PENDING
@ HS_CLIENT_FETCH_MISSING_INFO
@ HS_CLIENT_FETCH_NO_HSDIRS
@ HS_CLIENT_FETCH_HAVE_DESC
@ HS_CLIENT_FETCH_NOT_ALLOWED
@ HS_CLIENT_FETCH_LAUNCHED
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
int hs_address_is_valid(const char *address)
void hs_inc_rdv_stream_counter(origin_circuit_t *circ)
Header file containing common data for the whole HS subsystem.
#define HS_SERVICE_ADDR_LEN_BASE32
hs_ident_edge_conn_t * hs_ident_edge_conn_new(const ed25519_public_key_t *identity_pk)
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
@ HS_CIRCUIT_ID_PROTOCOL_HAPROXY
#define log_fn(severity, domain, args,...)
#define log_fn_ratelim(ratelim, severity, domain, args,...)
void connection_watch_events(connection_t *conn, watchable_events_t events)
void connection_start_reading(connection_t *conn)
void connection_start_writing(connection_t *conn)
smartlist_t * get_connection_array(void)
Header file for mainloop.c.
void note_user_activity(time_t now)
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
Node information structure.
void node_get_address_string(const node_t *node, char *buf, size_t len)
const node_t * node_get_by_nickname(const char *nickname, unsigned flags)
const node_t * router_find_exact_exit_enclave(const char *address, uint16_t port)
bool nodelist_reentry_contains(const tor_addr_t *addr, uint16_t port)
const node_t * node_get_by_id(const char *identity_digest)
int node_exit_policy_rejects_all(const node_t *node)
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
addressmap_entry_source_t
#define STREAMWINDOW_INCREMENT
#define STREAMWINDOW_START
#define END_STREAM_REASON_SOCKSPROTOCOL
#define END_STREAM_REASON_INVALID_NATD_DEST
#define END_STREAM_REASON_HTTPPROTOCOL
#define END_STREAM_REASON_CANT_ATTACH
#define END_STREAM_REASON_PRIVATE_ADDR
#define END_STREAM_REASON_CANT_FETCH_ORIG_DEST
#define RELAY_PAYLOAD_SIZE
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
#define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED
#define RELAY_HEADER_SIZE
#define DOWNCAST(to, ptr)
#define END_STREAM_REASON_MASK
#define SOCKS4_NETWORK_LEN
#define END_CIRC_AT_ORIGIN
Origin circuit structure.
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, const node_t *node)
Header file for policies.c.
@ ADDR_POLICY_PROBABLY_REJECTED
void rep_hist_note_used_port(time_t now, uint16_t port)
void rep_hist_note_used_internal(time_t now, int need_uptime, int need_capacity)
void rep_hist_note_used_resolve(time_t now)
Header file for predict_ports.c.
int tor_asprintf(char **strp, const char *fmt,...)
int tor_snprintf(char *str, size_t size, const char *format,...)
int fetch_from_buf_http(buf_t *buf, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete)
int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype, int safe_socks)
Header for proto_socks.c.
char * rate_limit_log(ratelim_t *lim, time_t now)
const char * stream_end_reason_to_string(int reason)
socks5_reply_status_t stream_end_reason_to_socks5_response(int reason)
const char * end_reason_to_http_connect_response_line(int endreason)
uint8_t errno_to_stream_end_reason(int e)
Header file for reasons.c.
void relay_header_unpack(relay_header_t *dest, const uint8_t *src)
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Header file for rendcommon.c.
void rep_hist_note_exit_stream_opened(uint16_t port)
Header file for rephist.c.
int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
int should_refuse_unknown_exits(const or_options_t *options)
Header file for router.c.
int hexdigest_to_digest(const char *hexdigest, char *digest)
Header file for routerlist.c.
int server_mode(const or_options_t *options)
Header file for routermode.c.
int routerset_contains_node(const routerset_t *set, const node_t *node)
Header file for routerset.c.
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Header file for sendme.c.
void * smartlist_bsearch(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member))
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
void smartlist_insert(smartlist_t *sl, int idx, void *val)
smartlist_t * smartlist_new(void)
int smartlist_contains(const smartlist_t *sl, const void *element)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_remove(smartlist_t *sl, const void *element)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Client request structure.
#define SOCKS_COMMAND_RESOLVE_PTR
#define SOCKS_COMMAND_CONNECT
#define SOCKS_COMMAND_RESOLVE
uint8_t payload[CELL_PAYLOAD_SIZE]
char identity_digest[DIGEST_LEN]
uint16_t marked_for_close
time_t timestamp_last_read_allowed
struct connection_t * linked_conn
uint16_t marked_for_close
const char * marked_for_close_file
extend_info_t * chosen_exit
struct crypt_path_t * prev
extend_info_t * extend_info
struct crypt_path_t * cpath_layer
struct edge_connection_t * next_stream
unsigned int edge_has_sent_end
struct circuit_t * on_circuit
unsigned int is_transparent_ap
socks_request_t * socks_request
struct evdns_server_request * dns_server_request
unsigned int chosen_exit_optional
char * original_dest_address
unsigned int chosen_exit_retries
unsigned int may_use_optimistic_data
struct buf_t * pending_optimistic_data
uint8_t num_socks_retries
unsigned int use_begindir
unsigned int use_cached_ipv4_answers
unsigned int prefer_ipv6_virtaddr
char identity_digest[DIGEST_LEN]
ed25519_public_key_t identity_pk
ed25519_public_key_t identity_pk
uint16_t orig_virtual_port
char identity[DIGEST_LEN]
edge_connection_t * n_streams
struct routerset_t * ExcludeExitNodes
struct smartlist_t * RejectPlaintextPorts
struct routerset_t * ExcludeExitNodesUnion_
struct smartlist_t * WarnPlaintextPorts
int LeaveStreamsUnattached
int ClientRejectInternalAddresses
enum or_options_t::@2 TransProxyType_parsed
int AutomapHostsOnResolve
int ClientDNSRejectInternalAddresses
uint64_t associated_isolated_stream_global_id
uint32_t global_identifier
struct hs_ident_circuit_t * hs_ident
edge_connection_t * p_streams
unsigned int isolation_values_set
uint8_t isolation_flags_mixed
unsigned int isolation_any_streams_attached
streamid_t next_stream_id
smartlist_t * half_streams
unsigned int has_finished
unsigned int socks_use_extended_errors
uint8_t reply[MAX_SOCKS_REPLY_LEN]
socks5_reply_status_t socks_extended_error_code
char address[MAX_SOCKS_ADDR_LEN]
#define MOCK_IMPL(rv, funcname, arglist)
#define tor_assert_nonfatal_unreached()
#define tor_fragile_assert()
void tor_strlower(char *s)
int strcmpstart(const char *s1, const char *s2)
int strcmpend(const char *s1, const char *s2)
int tor_digest_is_zero(const char *digest)